Build & Sign Info Release #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Sign Info Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Version tag (e.g. 5.1.0)" | |
| required: true | |
| info_title: | |
| description: "Title for info update" | |
| required: true | |
| info_md_file: | |
| description: "Path to your .md file (optional, default=whatsnew.md)" | |
| required: false | |
| default: "whatsnew.md" | |
| survey_title: | |
| description: "Survey title" | |
| required: false | |
| survey_url: | |
| description: "Survey form URL" | |
| required: false | |
| permissions: | |
| contents: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install deps | |
| run: pip install cryptography | |
| - name: Prepare info file | |
| run: | | |
| mkdir -p artifacts | |
| if [ -f "${{ github.event.inputs.info_md_file }}" ]; then | |
| cp "${{ github.event.inputs.info_md_file }}" artifacts/whatsnew.md | |
| else | |
| echo "No markdown file found. Creating default whatsnew.md" | |
| echo "# Update Information\n\nNo new details provided." > artifacts/whatsnew.md | |
| fi | |
| - name: Create manifest | |
| id: make_manifest | |
| run: | | |
| info_url="https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.version }}/whatsnew.md" | |
| python - <<'PY' | |
| import json, datetime, os | |
| updates = [ | |
| { | |
| "type": "info", | |
| "title": "${{ github.event.inputs.info_title }}", | |
| "content_url": "https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.version }}/whatsnew.md" | |
| } | |
| ] | |
| survey_title = "${{ github.event.inputs.survey_title }}".strip() | |
| survey_url = "${{ github.event.inputs.survey_url }}".strip() | |
| if survey_title and survey_url: | |
| updates.append({ | |
| "type": "survey", | |
| "title": survey_title, | |
| "form_url": survey_url | |
| }) | |
| manifest = { | |
| "version": "${{ github.event.inputs.version }}", | |
| "release_date": datetime.datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ"), | |
| "updates": updates | |
| } | |
| with open("update.json", "w") as f: | |
| f.write(json.dumps(manifest, separators=(',', ':'), sort_keys=True)) | |
| print("Created update.json (survey included:", bool(survey_title and survey_url), ")") | |
| PY | |
| - name: Prepare private key | |
| env: | |
| PRIVATE_PEM_BASE64: ${{ secrets.PRIVATE_PEM_BASE64 }} | |
| run: | | |
| echo "$PRIVATE_PEM_BASE64" | base64 -d > private.pem | |
| - name: Sign manifest | |
| run: python tools/sign_manifest.py update.json private.pem update.json.sig | |
| - name: Create Release | |
| id: create_release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: ${{ github.event.inputs.version }} | |
| name: Info Update ${{ github.event.inputs.version }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload manifest (gh CLI) | |
| run: | | |
| gh release upload "${{ github.event.inputs.version }}" update.json update.json.sig artifacts/whatsnew.md --clobber | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |